By DR. ANDREW COBURN, vice president of catastrophe research and director of terrorism research, and DR. GORDON WOO, a catastrophe risk consultant for Risk Management Solutions Inc.
In December, the U.S. Congress signed the Terrorism Risk Insurance Program Reauthorization Act, a seven-year extension of a federal backstop for terrorism losses. With TRIPRA in place, insurance companies can now plan their provision of terrorism coverage over at least this time period, including the capital to commit, insurance products to offer and the shape of portfolio to build. Central to this, of course, is how terrorism risk is likely to unfold over this business cycle.
This summer Risk Management Solutions Inc. released the seventh annual update of its terrorism risk model, reflecting the seven years of terrorism experience since Sept. 11, 2001. So what have we learned, how have the models helped and what does it tell us about the likely risk over the next seven years? In this two-part article, we first look at how the insurance industry has been managing terrorism risk, the role that modeling has played, and how the model has performed against actual terrorist events and plots.
In the second article, we look at the next seven years, how the trajectory of terrorism risk might change and what this could mean for insurers' terrorism risk management.
Over the past seven years, insurers have managed their terrorism risk by creating and managing accumulation zones that diversify their risk; monitoring aggregations against probable maximum loss scenarios; underwriting to match new business to their portfolio; and maximizing the use of reinsurance where pricing is acceptable
These management techniques are informed by a view of the overall risk--that is, the likely frequency, severity and location of losses. Models have played an important role in helping insurers understand the risks they face and create risk management rules. During the initial TRIA period, models were credited by the Congressional Budget Office for helping to build a private terrorism insurance market by enabling "the industry to improve its ability to predict losses from terrorism and thus to put a price tag on risk more accurately."
Fundamental to the concept of terrorism risk is a highly localized, severe loss scenario across multiple lines of business. Managing this has required new approaches to consolidating multiline exposures to correlate potential losses from property, workers' compensation, life, liability, fine art, specie, etc. It has also involved much more accurate exposure data; address level and individual building data have become the norm.
Selecting scenarios and setting accumulation zones and limits to the capital allocated to them depend on an understanding of the likelihood of attack mode, city and geographical location, and feasible magnitudes of loss. How well have the models described these?
The seven years since Sept. 11, 2001, have been the most active period in terrorism history. There have been 1,450 "macro" terrorist attacks (a car bomb or worse) in 43 countries worldwide. More than 25,000 people have been killed in the attacks and more than 45,000 people injured. In the past three years, more than 60 percent of these have been in Iraq and Afghanistan.
Although London and Madrid were targeted in 2005 and 2004 respectively, the West has suffered relatively few major terrorist attacks. Some have suggested that the risk must be exaggerated--after all, there have been no attacks in the United States since 2001. However, research shows that more than 30 attempted U.S. attack plots have been unraveled in this time, ranging from sophisticated plans to blow up five buildings in the financial centers of New York and Washington, to cyanide attacks on the New York subway. The security forces have clearly been instrumental in protecting the public and minimizing losses.
The RMS model embodies principles of game theory that suggest patterns of attack and targeting, which reflect the priorities of jihadist objectives and the efforts by security forces to counter them. A key element of this has been the focusing of attacks on major cities.
The first RMS model in 2002 predicted a strong gradient of risk, apportioning a lot to major cities like New York and minimal amounts elsewhere. This initially attracted criticism as the model challenged the "population-based" assessments of risk, such as those used to distribute federal funds, and it contrasted with the much flatter gradient of the ISO terrorism rating for insurance.
Countertheories suggested that terrorists might concentrate their attacks in the U.S. homeland--on schools and farms to terrorize suburban populations--but this was not in keeping with jihadist priorities for expending their resources.
The strong emphasis on top-tier cities is a good characterization of terrorism risk, and the relativity of city risk is one of the most useful guides for insurers managing a multicity portfolio.
RMS grades targets according to their "utility" to terrorists, in terms of maximizing casualties, economic disruption and symbolic destruction. This was originally based on published objectives and rhetoric by al-Qaida's leadership, but has been borne out by targets selected by their followers over the past seven years. Nearly two-thirds of attacks have been against targets in the top three tiers of RMS' target database. Plots in the United States have similarly concentrated on these target types.
Predicting targeting patterns is central to managing a risk portfolio within a city and across a mix of insured property types.
Attack mode preferences were originally assessed from pre-2001 terrorist attack patterns, combined with an assessment of "logistical burden"--the tactical resources needed to mount different types and magnitudes of attack. The modelled preferences--including acts of sabotage, conflagration, aircraft attacks and use of standoff weapons--have corresponded closely to those observed worldwide, with one or two exceptions: fewer big-yield bombs than expected, and fewer surface-to-air missile attacks on commercial aircraft.
RMS modeling proposed that 60 percent of macro attacks in the United States would be improvised explosive devices--mainly vehicle bombs. In fact, terrorist attacks worldwide since 2001 have shown even stronger preference than this, favoring IEDs in more than 75 percent of all macro attacks.
Having a good understanding of attack mode preferences enables insurers to make better decisions on their PML scenarios, and the types of aggregation zones they want to manage.
Terrorist attack loss modeling has been reasonably accurate. There have, unfortunately, been many large-scale terrorist attacks to test assumptions about the extent and range of damage that can be caused
Casualty loss estimates are also consistent with observed losses. The average number of casualties in terrorist car bombs in the past seven years has been 17 dead and another 31 injured, increasing to 27 dead and 40 injured in the past year. The RMS model includes more than 16,000 scenarios of a 600-pound car bomb being detonated at a target in the United States. Modeled fatalities in these events reach up to many hundreds, with a median of 13 deaths and a probability-weighted average death toll of just more than 50.
Accurate loss estimation is an important component of assessing risk transfer thresholds, capital allocation and risk appetite. The modeling can claim reasonable consistency with the experience data.
One of the most contentious components of terrorism risk modeling is estimating frequency. Many risk managers feel that this is impossible. RMS has always held that the market encapsulates an inherent view of terrorism frequency in its pricing and management decisions, and so has sought to estimate this explicitly.
RMS has proposed an expected annual frequency of between 0.45 and 0.65 macro terrorist attack in the United States each year. With no successful attacks occurring, has this been a significant overestimate? We don't believe so. For 2009 and beyond, we are continuing to recommend that insurers use a mean frequency estimate of 0.6 events per year.
The RMS approach has been to research the underlying process of how terrorism attacks occur. Since 2001, between three and seven attempted plots have been reported in the United States annually, all of which have been thwarted. The 100 percent interdiction rate of attempted attacks has been better than the modeled assumption. Historical data shows that interdiction success is not always this high. The RMS model assumes an interdiction rate range typical of past major terrorist campaigns, in which up to 90 percent of attack attempts are unsuccessful.
Insurers should base their business decisions on a prudent view of the frequency of historical attacks and not assume that the recent very high interdiction rate of security services will continue to protect them in the longer term.
Terrorism risk has been surprisingly stable over the past seven years. The targeting objectives and attack mode preferences have remained fairly constant. The main changes have been tactical modifications and technique alterations.
This stability is partly because terrorism risk is controlled by counterterrorism activity, which typically increases to match the threat. Terrorism hazard is not simply the jihadist threat, but the degree of the threat that might evade the security services. The record of the past seven years is one of achievement by the Western security and law enforcement services in suppressing terrorist activity, despite a rising threat level.
Modeling has helped insurers characterize their risk in instigating their portfolio management, aggregation controls and risk transfer decisions. The stability of the overall risk picture means that these risk management assumptions are likely to remain valid for a number of years to come. However, as insurers think about their longer term business plans for terrorism risk management--throughout the lifetime of TRIPRA--they should consider contingency measures for potential changes in this risk landscape.
In the accompanying article, we consider how this status quo might change over the next seven years, what new trajectories might occur in terrorism risk and how insurers can manage these eventualities.
September 15, 2008
Copyright 2008© LRP Publications